The tweet describes a bypass technique for WAF using Censys to find the original IP. This bypass technique involves IP Spoofing. The tweet suggests that 80% of the time, the original IP can be obtained using this method. An investigation into the vendor of the WAF would be needed for further details and specifics on the bypass.
Sometimes #WAF Can Be Annoying The Only Way To Bypass it is to Find The Original IP For That I Would Recommend Censys, 80% of The Time I Was Able To Get The Actual IP #bugbounty#bugcrowd
— Helal Sadat (@HelalSadat47) May 10, 2024